Description:
The remote host is missing an update to nagios announced via advisory MDVSA-2008:067.
A number of vulnerabilities were found in Nagios and Nagios Plugins that are corrected with the latest version of both, as provided in this update, including:
A buffer overflow in the redir function in the check_http plugin allowed remote web servers to execute arbitrary code via long Location header responses (CVE-2007-5198).
A buffer overflow in the check_snmp plugin allowed remote attackers to cause a denial of service via crafted snmpget replies (CVE-2007-5623).
Cross-site scripting vulnerabilities in Nagios allowed remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts (CVE-2007-5624, CVE-2008-1360).
The updated packages provide Nagios 3.0 and Nagios Plugins 1.4.11, which are not vulnerable to these issues and provide a number of other enhancements and bug fixes. In addition, the packaging has been optimized to reduce the number of extra dependencies that would have to be installed; as a result, you may have to independently install extra plugins that were once part of the full nagios-plugins package.
Affected: Corporate 4.0
Solution: To upgrade automatically, use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:067
Risk factor: High
CVSS Score: 6.8